CVE-2025-55160: ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree
- Target: ImageMagick (commit ecc9a5eb456747374bae8e07038ba10b3d8821b3)
- Type: Undefined Behavior (function-type-mismatch) in splay tree cloning callback
- Impact: Deterministic abort under UBSan (DoS in sanitizer builds). No crash in a non-sanitized build; likely low security impact.
- Trigger: Minimal 2-byte input parsed via MagickWand, then coalescing.
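
The bug class named above, shown as an added example (not ImageMagick's code and not part of the advisory): a clone routine calls its callback through a `void *(*)(void *)` pointer, and the safe form passes a wrapper of exactly that type instead of casting a differently typed function. All names (`clone_fn`, `dup_string`, `dup_string_cb`, `clone_all`) are hypothetical and the sample data is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical container API: the clone callback takes and returns void *. */
typedef void *(*clone_fn)(void *);

/* Typed helper of type char *(const char *), which is not compatible with clone_fn. */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    return copy ? memcpy(copy, s, n) : NULL;
}

/* Hardened form: a wrapper whose type matches clone_fn exactly. */
static void *dup_string_cb(void *p) { return dup_string((const char *)p); }

/* Clones count entries through the callback; returns 0 on success. */
static int clone_all(void **dst, void *const *src, size_t count, clone_fn clone)
{
    for (size_t i = 0; i < count; i++)
        if ((dst[i] = clone(src[i])) == NULL)   /* indirect call UBSan checks */
            return -1;
    return 0;
}

/* Returns 1 when both clones are distinct buffers with equal content. */
int demo_clone_matches(void)
{
    char a[] = "key", b[] = "value";   /* constructed sample data */
    void *src[2] = { a, b }, *dst[2] = { NULL, NULL };
    /* Mismatched "before" form, undefined behaviour and a UBSan
       function-type-mismatch report on the indirect call:
           clone_all(dst, src, 2, (clone_fn)dup_string);              */
    int ok = clone_all(dst, src, 2, dup_string_cb) == 0
        && dst[0] != (void *)a && strcmp(dst[0], "key") == 0
        && dst[1] != (void *)b && strcmp(dst[1], "value") == 0;
    free(dst[0]);
    free(dst[1]);
    return ok;
}

int main(void)
{
    printf("clone ok: %d\n", demo_clone_matches());
    return 0;
}
```

On common ABIs the cast form passes and returns the pointer the same way, which is consistent with the advisory's note that a non-sanitized build does not crash; the call is still undefined behaviour in C, and the wrapper removes it without changing what gets cloned.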